EIP-2026-113019
PRE-CVEvBulletin ChangUonDyU Advanced Statistics - SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113019. PoCs published by Juno_okyo.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in vBulletin's ChangUonDyU Advanced Statistics plugin via the 'listforumid' parameter in ajax.php. The PoC includes crafted UNION SELECT queries to extract database information and user credentials.
Description
vBulletin ChangUonDyU Advanced Statistics - SQL Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Juno_okyo · textwebappsphp
https://www.exploit-db.com/exploits/22429
This exploit demonstrates a SQL injection vulnerability in vBulletin's ChangUonDyU Advanced Statistics plugin via the 'listforumid' parameter in ajax.php. The PoC includes crafted UNION SELECT queries to extract database information and user credentials.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
vBulletin 3 & 4 with ChangUonDyU Advanced Statistics plugin
No auth needed
Prerequisites:
Access to the target's ajax.php endpoint
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026